Hackers Suspected of Causing Second Power Outage in Ukraine

The same group of hackers that caused the power outage across several regions in Ukraine during last year's Christmas holidays may have once again shut down the power supply in northern Ukraine over the weekend.

According to Ukrainian energy provider Ukrenergo, a cyber attack on Kyiv’s power grid may have caused the power outages in the country on Saturday, December 17, near midnight.

The blackout affected the northern part of Kiev, the country’s capital, and surrounding areas, Ukrenergo Director Vsevolod Kovalchuk explained in a post on Facebook.

Shortly after the incident, Ukrenergo engineers switched to manual mode in an effort to deal with the cyber attack and started restoring power in approximately 30 minutes. Power was fully restored after just an hour and fifteen minutes of blackout.

According to Kovalchuk, the weekend outage could have been caused by an "external interference through data network." However, the company’s cybersecurity experts are investigating the incident and will provide more information soon.

Although the reason for the outage is not yet confirmed, authorities believe that the unexpected power outage could be the latest in a series of cyber attacks that struck the Ukrainian electric grid and financial infrastructure in December 2015.

The 2015 energy blackouts were caused with the help of malware known as BlackEnergy, which was distributed through booby-trapped Word documents that tricked recipients into enabling macros to activate the malicious payload.

Last year, Ukraine’s state security service, the SBU, blamed Russia for causing outages by planting malware on the networks of several regional energy companies.

Also, the United States cyber firm iSight Partners identified the perpetrator as a Russian group of hackers known as "Sandworm."

While security experts have found no hard evidence that links these attacks on the Ukrainian energy grid to Russia, they believe that the attackers appear to be a nation state with significant resources.

SCADA systems have always been an attractive target for cybercrooks, given the success of the Stuxnet malware, which was developed by the US and Israel together to sabotage Iranian nuclear facilities a few years ago, and "Havex," which previously targeted organizations in the energy sector.